{"id":81977,"date":"2018-04-17T07:00:18","date_gmt":"2018-04-17T14:00:18","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=81977"},"modified":"2023-05-26T14:58:14","modified_gmt":"2023-05-26T21:58:14","slug":"connect-to-the-intelligent-security-graph-using-a-new-api","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/04\/17\/connect-to-the-intelligent-security-graph-using-a-new-api\/","title":{"rendered":"Connect to the Intelligent Security Graph using a new API"},"content":{"rendered":"

Most organizations deal with high volumes of security data and have dozens of security solutions in their enterprise, making the task of integrating various products and services daunting and complex. The cost, time, and resources necessary to connect systems, enable correlation of alerts, and provide access to contextual data is extremely high. These challenges hinder the ability for organizations to move quickly when detecting and remediating threats in a world of fast-moving, disruptive attacks.<\/p>\n

By connecting security data and systems, we can gain an advantage over today\u2019s adversaries. At Microsoft, our security products are powered by the Intelligent Security Graph which synthesizes massive amounts of threat intelligence and security signals from across Microsoft products, services, and partners using advanced analytics to identify and mitigate cyberthreats. This week at the RSA conference, we announced the public preview of a Security API that empowers customers and partners to build on the Intelligent Security Graph. By connecting security solutions and integrating with existing workflows, alerts and contextual information from multiple solutions can be easily consolidated and correlated to inform threat detection, and actions can be taken to streamline incident response. The unified API will make these connections easier by providing a standard interface and uniform schema to integrate and correlate security alerts from multiple sources, enrich investigations with contextual data, and automate security operations for greater efficiency.<\/p>\n

The Security API is part of the Microsoft Graph, which is a unified rest API for integrating data and intelligence from Microsoft products and services. Using Microsoft Graph, developers can rapidly build solutions that authenticate once and use a single API call to access or act on security insights from multiple security solutions. Additional value is uncovered when you explore the other Microsoft Graph entities (Office 365, Azure Active Directory, Intune, and more) to tie business context with your security insights.<\/p>\n

This public preview supports API access of Alerts from Azure Security Center and Azure Active Directory Identity Protection with Intune and Azure Information Protection coming soon. We are also announcing support for high volume streaming of alerts to a SIEM through Security API integration with Azure Monitor. This will enable seamless ingestion of alerts from multiple sources directly into a SIEM. Over the coming months, we\u2019ll add many more Microsoft and partner security solutions integrations as data providers. We will also add new capabilities that unlock new security context through Security Inventory<\/em> and take Actions<\/em> to automation security operations through the same Security API.<\/p>\n

\"\"<\/p>\n

<\/h2>\n

Enabling ecosystem partners<\/h2>\n

The Security API opens up new possibilities for integration partners<\/a> to build with the Intelligent Security Graph. Partners can not only consume security insights from the Graph but they can allow their alerts, context, and automation to be enabled in the Graph at peer level with integrated Microsoft products. By forming a connected, extended ecosystem of security technologies, Microsoft and partners can deliver better protections for our customers. Some partners have already onboarded to the Security APIs and many other integrations are in progress:<\/p>\n

Anomali<\/strong> integrates<\/a> with the Security API to correlate alerts from Microsoft Graph with threat intelligence, providing earlier detection and response to cyber threats.<\/p>\n

\n

The Security Graph API allows us to receive not only actionable alert information but allows security analysts to pivot and enrich alerts with asset and user information.\u00a0\u2013 Colby DeRodeff, Co-founder and Chief Strategy Officer of Anomali<\/strong><\/p>\n<\/blockquote>\n

Palo Alto Networks<\/strong> can enrich alerts<\/a> from Microsoft Graph Security with threat intelligence speeding up detection and prevention of cyberattacks for our shared customers.<\/p>\n

\n

The adoption of public clouds is accelerating, but so is the threat level to the applications and data inside organizations. Today\u2019s announcement of the Microsoft Graph Security API sets the stage for expanding the built-in security features we can offer our joint customers and to help organizations safely embrace the cloud. \u2013 Andy Horwitz, Vice President, Business and Corporate Development, Palo Alto Networks<\/strong><\/p>\n<\/blockquote>\n

PwC<\/strong> uses alerts and context from Microsoft Graph in its Secure Terrain<\/a> solution to deliver improved visibility and protection.<\/p>\n

\n

The integration with Secure Terrain offers users a streamlined way to investigate Microsoft Graph alerts in the context of the broader enterprise and perform threat hunting investigations. \u2013 Christopher Morris, Principal at PricewaterhouseCoopers<\/strong><\/p>\n<\/blockquote>\n

<\/h2>\n

Building intelligent security applications<\/h2>\n

Customers, managed service providers, and technology partners, can leverage the Security APIs to build and integrate a variety of applications. Some examples include:<\/p>\n